ARAVEN, S.L.U. is the Data Controller and informs Users that personal data will be processed in accordance with the provisions of the GDPR and LOPDGDD.
The Data Controller can be contacted by e-mail at privacy@araven.com / dpd@araven.com.
Any complaints addressed to the Data Controller should be sent to the Site owner’s registered address.
a) Replying to questions sent to the Data Controller by an interested party.
Data retention period: Data will be retained until the matter raised by the interested party is resolved. Subsequently, where necessary, the information will be blocked and held for the period established by law.
Legal grounds: Legitimate interest of the Data Controller and consent granted by the interested party.
b) Managing an interested party’s subscription to their customer or User account and access to the services and operations inherent to our customers/Users.
Data retention period: Data will be held as long as the interested party does not revoke their consent and while the contractual relationship lasts. Subsequently, where necessary, the information will be blocked and held for the period established by law.
Legal grounds: Consent granted by the interested party and contractual relationship.
c) Sending commercial communications regarding our services that may be of interest to them.
Data retention period: Data will be held as long as the interested party does not revoke their consent. Subsequently, where necessary, the information will be blocked and held for the period established by law.
Legitimate grounds: Express consent granted by the interested party.
d) Managing the posting of comments on the blog.
Data retention period: Data will be held as long as the interested party does not revoke their consent. Subsequently, where necessary, the information will be blocked and held for the period established by law.
Legitimate grounds: Consent granted by the interested party.
The Data Controller may disclose your personal data to the other businesses in its group, in which case there is a legitimate and effective interest for the Data Controller.
The Data Controller hires third parties to provide their data processing services. With the exception of such entities, your personal data will not be disclosed to third parties. Should there be a reason to disclose your personal data to third parties, you will be informed in advance and, where applicable, your consent will be requested and the purpose of such disclosure and the identity of the third party to whom it will be disclosed will be specified.
However, an exception is made where legal obligations force us to disclose your personal data to a third party.
The Data Controller is subject to rules and protocols that govern the security of the processing of your personal data and guarantee that it will not be used for any purpose or by third-party companies other than those of which you were informed and for which your consent was granted
Individuals who provide us with their personal data have the following rights in regard to them:
a) Right of access
b) Right to rectification and erasure
c) Right to restrict processing
d) Right of portability
e) Right to object
f) Right to revoke consent
a) Right of access: You have the right to obtain confirmation from the Data Controller that your personal data is being processed and, in this case, to access your personal data.
b) Right to rectification: This is your right to achieve rectification of the personal data we possess that is pertinent to you.
c) Right to erasure: This is your right to have your personal data erased.
d) Right to restrict processing: This is your right to restrict the corresponding processing operations when any of the following conditions are met:
e) Right of portability: This is your right to obtain from the Data Controller, where processing of personal data is carried out by automated means, a copy of the data in a structured, commonly used and machine-readable form, and to transmit this data to another data controller of your choosing. Note that this right will not be applicable to:
f) Right to object: This is your right to object to your personal data being processed. Where the processing that is undertaken by the Data Controller is concerned, you may object to the sending of own or third-party commercial communications.
If you would like to receive more information on your rights, we suggest you should visit the website of the Agencia Española de Protección de Datos (Spanish Data Protection Agency) and consult the GDPR.
You may exercise your rights by sending an e-mail to privacy@araven.com / dpd@araven.com, clearly stating the right you would like to exercise and providing a copy of your identity document as proof of identification. You can also send your request by conventional mail to the registered address of the Data Controller indicated in Point 1 of this Privacy Policy.
In addition, we inform you of the possibility of presenting a complaint to the competent supervisory authority, in this case the Agencia Española de Protección de Datos, particularly if the exercising of your rights has not been satisfactory. You can contact the Agencia Española de Protección de Datos by telephone on +34 901 100 099 and 912 663 517 or visit their offices at Calle Jorge Juan, 6. 28001 – Madrid.
The Data Controller guarantees Users that processing is performed in compliance with all the previously mentioned data protection regulations, GDPR and LOPDGDD, and that the data is processed lawfully, in good faith and transparently in relation to the interested party, and appropriately, pertinently and restricted to what is purely necessary with regard to the purpose for which it is processed.
Furthermore, the Data Controller guarantees that all the appropriate technical and organisational policies have been implemented as stipulated by the GDPR and LOPDGDD in order to protect Users’ rights and freedoms, and that Users have been properly informed so that they may exercise them.
The Data Controller clearly states that personal data and information regarding patients and the results of tests they have taken will not be stored or processed.
All the data collected is from the interested party. By accepting this Privacy Policy, Users declare and undertake to guarantee the accuracy and truthfulness of the data they provide, and that they are the legitimate owners of this information.
Likewise, Users undertake to keep their personal information updated at all times, and to contact the Data Controller without delay regarding any important changes, such as any change to the names on their bank account, or changes to the e-mail address submitted on the corresponding forms provided on the website.
In this respect, Users accept all liability for non-compliance with the previous provision and exempt the Data Controller from any liability as regards the information that Users have not previously disclosed.